Summary: Digging For Gold: Finding Vulnerable Web Applications - The Passive Vulnerability Scanner ash many strengths, one of them being able to pick out vulnerable web applications in your environment. Over the years working for several different organizations, this has been a reoccurring problem. Specifically when you work for an organization large enough to have folks deploying their own applications (and it doesn't have to be that large of an organization to have this problem). Web applications help solve a problem, whether it be a blog for corporate communications or a photo gallery for a student group. Its too easy to choose the wrong application, or install an application today that introduced a serious vulnerability down the road. While you can scan using traditional network-based scanning, ask your administrators to keep tabs on installed applications or manually audit your web servers you will undoubtledly miss something. For systems administrators this can be a tough task, as an web application can be represented by a collection of downloaded files, not part of the operating system package management system. By listening to the network traffic, applications and their vulnerabilities can be spotted easily. Top Problems: Patches, Virtualization/Cloud and Mobile/BYOD - Jack and I just completed 3 webcasts in a 4 part series called "Vulnerabilities Exposed". We highlighted several problem areas for organizations. First, we covered the patch problem, and how organizations still struggle to keep things patches and how you can reduce your patch cycle. Then we took on virtualization and cloud. Two technologies that are in large part responsible for changing the face of IT as we know it, and altering your security strategies forever. We now have a much greater attack surface and more applications outside of our control than ever before. Recently we took a look at the Mobile and BYOD problem. Not just limited to smartphones and tablets, today's workforce have more technology available to them than ever before. Using Tenable products we outlines techniques to stay ahead of this problem. Finally, on November 12th we'll talk about how to take all of the information our products collect on these vulnerabilities and threats and distill them down for management.
